Platform: wordpress
Component: wp_attractivedonationssystem
Fixed in: 1.25.1
CVE-2025-58999 describes a Cross-Site Request Forgery (CSRF) vulnerability discovered in the WP Attractive Donations System - Easy Stripe & Paypal donations WordPress plugin. This flaw allows an attacker to trick authenticated users into unknowingly executing unwanted actions, potentially leading to unauthorized modifications of donation configurations or user data. The vulnerability impacts versions 1.0.0 through 1.25, and a patch is expected to be released by the vendor.
A successful CSRF attack could allow an attacker to manipulate the plugin's settings without the user's knowledge or consent. This could involve altering donation amounts, redirecting payments, or even modifying user roles within the plugin's administration interface. The impact is amplified if the plugin is integrated with other systems or services, as a compromised donation configuration could have cascading effects. While the plugin itself may not directly expose sensitive user data, successful manipulation could lead to financial losses for the website owner and diminished user trust.
CVE-2025-58999 was publicly disclosed on 2025-12-16. There are currently no known public proof-of-concept exploits available. The vulnerability's impact is considered medium, and it is not currently listed on the CISA KEV catalog. Active exploitation is not confirmed at this time, but the public disclosure increases the risk of exploitation.
Exploit Status
EPSS: 0.02% (5th percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2025-58999 is to upgrade to a patched version of the WP Attractive Donations System plugin as soon as it becomes available. Until a patch is released, consider implementing a temporary workaround by adding CSRF tokens to all sensitive actions within the plugin's admin interface. Web Application Firewalls (WAFs) configured with CSRF protection rules can also provide an additional layer of defense. Regularly review plugin access logs for suspicious activity and consider limiting access to the plugin's admin interface to authorized personnel only.
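In WordPress the "CSRF token" the paragraph above refers to is a nonce, and the usual defensive pattern is a nonce check plus a capability check on every state-changing admin action. The following is an added example written for this page, not code from the WP Attractive Donations System plugin: it shows a hypothetical settings-save handler in the unprotected shape that makes CSRF possible, beside the hardened form. The hook names (`donate_save_settings`), the option name (`donate_default_amount`) and the form field names are assumptions chosen for illustration.

```php
<?php
// Added example (not the plugin's own code). Hook, option and field names are
// assumptions for illustration only.

// --- Vulnerable pattern: trusts any POST that reaches admin-post.php ---------
add_action( 'admin_post_donate_save_settings_unsafe', function () {
    // No nonce and no capability check: a forged cross-site POST sent by a
    // logged-in administrator's browser is accepted and rewrites the setting.
    update_option( 'donate_default_amount', sanitize_text_field( $_POST['amount'] ?? '' ) );
    wp_safe_redirect( admin_url( 'admin.php?page=donate-settings' ) );
    exit;
} );

// --- Hardened pattern: nonce bound to the action + capability check ----------
function donate_render_settings_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="donate_save_settings">
        <?php // Emits a hidden field carrying a nonce tied to this action and user. ?>
        <?php wp_nonce_field( 'donate_save_settings', 'donate_nonce' ); ?>
        <label>Default amount
            <input type="number" name="amount" min="1" step="1"
                   value="<?php echo esc_attr( get_option( 'donate_default_amount', '10' ) ); ?>">
        </label>
        <?php submit_button( 'Save' ); ?>
    </form>
    <?php
}

add_action( 'admin_post_donate_save_settings', function () {
    // 1. Authorization: only users allowed to manage options may save.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', 403 );
    }

    // 2. CSRF: the nonce is derived from the action, the current user's session
    //    and a time window, so a third-party page cannot know it in advance.
    //    check_admin_referer() terminates the request if it is missing or invalid.
    check_admin_referer( 'donate_save_settings', 'donate_nonce' );

    // 3. Validate the input strictly before persisting it.
    $amount = isset( $_POST['amount'] ) ? absint( wp_unslash( $_POST['amount'] ) ) : 0;
    if ( $amount < 1 ) {
        wp_die( 'Invalid amount.', 400 );
    }
    update_option( 'donate_default_amount', $amount );

    wp_safe_redirect( add_query_arg( 'updated', '1', admin_url( 'admin.php?page=donate-settings' ) ) );
    exit;
} );
```

The nonce and the capability check protect against different things and both are needed: the capability check stops a low-privilege account from calling the handler directly, while the nonce stops a legitimate administrator's browser from being made to call it from a page the attacker controls. For actions exposed through `admin-ajax.php`, the equivalent check is `check_ajax_referer()` with the same action name; a WAF rule that blocks requests to `admin-post.php` or `admin-ajax.php` lacking a `_wpnonce`-style field is a coarse stopgap only, because it cannot verify that the value is valid.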
No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
CVE-2025-58999 is a Cross-Site Request Forgery (CSRF) vulnerability affecting versions 1.0.0–1.25 of the WP Attractive Donations System plugin, allowing attackers to forge requests and potentially modify settings.
If you are using WP Attractive Donations System version 1.0.0 through 1.25, you are potentially affected by this vulnerability. Check your plugin version and upgrade as soon as a patch is available.
The recommended fix is to upgrade to a patched version of the WP Attractive Donations System plugin. Until a patch is released, consider implementing CSRF tokens or using a WAF.
Active exploitation is not currently confirmed, but the public disclosure increases the risk. Monitor your systems for suspicious activity.
Refer to the vendor's website or WordPress plugin repository for the official advisory and patch release information.